Definition: Software installed without active consent or through confusing license agreements.
Nature: Often not classified as malware, sometimes referred to as grayware or bloatware.
3. Payload Classification
Malware can be classified based on the action performed, such as:
Spyware
Rootkits
Remote Access Trojans (RAT)
Ransomware
Computer Viruses
Definition: A type of malware designed to replicate and spread from computer to computer by infecting executable applications or program code.
Types of Viruses:
Non-resident/File Infector: Embeds itself in a host executable file and attempts to infect other executable files when the host runs.
Memory Resident: Loads itself into memory as a separate process and keeps running even after the host program is terminated.
Boot Virus: Executes from the disk boot sector when the operating system starts.
Script and Macro Viruses: Use local scripting engines like PowerShell, JavaScript, or VBA.
Advanced Classifications:
Multipartite Viruses: Use multiple infection vectors.
Polymorphic Viruses: Can change their code to evade detection.
Dissemination: Infected files may spread via disks, network, attachments, or downloads.
Computer Worms
Definition: Memory-resident malware that replicates autonomously over network resources without user intervention.
Operation:
Often exploits software vulnerabilities to spread, for example through compromised web applications.
Examples:
Code Red Worm: Exploited buffer overflow vulnerabilities in IIS web server software.
Conficker Worm: Demonstrated the potential of a remote code execution vulnerability for large-scale, self-propagating exploitation.
Fileless Malware
Characteristics:
Does not write code to disk; remains in memory.
Utilizes living-off-the-land techniques using legitimate scripting tools (PowerShell, WMI).
Persistence: May change registry values for longevity.
Obfuscation: Uses shellcode and can download additional malicious payloads.
Cookies and Tracking Mechanisms
Tracking Cookies: Plaintext files that track user activity unless blocked by browser settings.
Supercookies: Store data in non-standard ways that are hard to disable.
Beacons: Invisible pixels on websites used to track users and collect metadata.
Adware: A type of PUP that changes browser settings and collects user data.
Spyware and Keyloggers
Spyware: Tracks user activity, takes screenshots, and captures recordings, including microphone audio or webcam video.
Keylogger: Records keystrokes to gather sensitive information such as passwords or financial data. May be implemented through software or hardware.
Backdoors and Remote Access Trojans (RATs)
Backdoor: An access method that bypasses standard authentication protocols.
RAT Definition: Malware designed to mimic legitimate remote administration tools, secretly allowing remote access by attackers.
Botnets: Networks of compromised machines (zombies) controlled by malware for malicious purposes like DDoS attacks or spam.
Rootkits
Definition: Malware that gains root or administrative access, enabling privileged control over a host system.
Capabilities: Can manipulate system files and processes to conceal its presence.
Operating Principles: May exist in firmware and can evade detection by altering system logs or messages.
Ransomware, Crypto-Malware, and Logic Bombs
Ransomware: Encrypts files or locks systems to extort money from victims.
Crypto-Malware: Specifically encrypts files on various drives and demands payment for decryption keys.
Logic Bombs: Malware that executes based on specific conditions or triggers, distinct from standard malware that executes immediately.
Conclusion
Understanding the various classifications and functionalities of malware is essential for effective cybersecurity practices and incident response planning.